Open Source Network Forensic Analysis Tool (NFAT)

Mehmet D. İNCE from invictuseurope.com discovered several vulnerabilities in the Xplico software. He identified three distinct vulnerabilities, two classified as "High severity" and one as "Medium severity". The identifier assigned to this Xplico vulnerability is CVE-2017-16666. More details here.
Thanks to Mehmet's detailed report and the collaboration of Mehmet and Doug Burks of Security Onion Solutions, the vulnerabilities have been resolved.
This release fixes these issues. We strongly recommend upgrading your Xplico installations.

As some of you might know, CapAnalysis is open source. To analyze pcap files, CapAnalysis uses Xplico with some specific dissectors.

With this release of Xplico we complete the open source migration of CapAnalysis.

Everyone can use CapAnalysis not only by installing it but also by using it freely on the demo site. The demo allows uploading up to 20MB of PCAP files. No password is required, and all data are deleted automatically at 00:00 UTC on the day after the dataset is created.

From the point of view of Xplico users, this release doesn't introduce new features.

Daniel Borkmann has recently released a new version of net-sniff-ng with many improvements and new features. Starting with version 0.5.6, net-sniff-ng can be used with Xplico without applying any patch.

We therefore recommend that all Xplico users upgrade to the latest version of net-sniff-ng.

To use net-sniff-ng as a network probe for Xplico on the Ethernet interface eth0, writing the pcap files to /opt/xplico/pol_1/sol_1 (i.e. the first session of the first case) with an acquisition time interval of 300 seconds (5 minutes), the command to use is: